Exemple #1
/**
 * Store a payload under the given option name, wrapped in an object that
 * also records a timestamp 24 hours in the future.
 *
 * The stored object has two properties: `expires` (current time plus one
 * day, in seconds) and `data` (the payload, stored as given).
 *
 * @internal
 * @param string $optName Name of the option to write.
 * @param mixed  $optData Payload to cache; it is not validated or escaped here.
 * @return void
 */
function wpsPlugin_updateRssFeedOption($optName, $optData)
{
    $oneDayInSeconds = 24 * 60 * 60;
    $cacheEntry = (object) array(
        'expires' => time() + $oneDayInSeconds,
        'data' => $optData,
    );
    WpsOption::updateOption($optName, $cacheEntry);
}
Exemple #2
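 /**
  * Validate the live-traffic settings submitted via POST and persist them.
  *
  * Both values come straight from the request, so each is reduced to an
  * integer and checked against an explicit range or allow-list before it is
  * stored. Out-of-range input falls back to the defaults (500 entries,
  * 10 second refresh).
  *
  * @param array $refreshRates Allowed refresh-rate values.
  * @return array Two-element list: entries to keep, refresh rate.
  */
 function wpsPluginValidateSettingsForm($refreshRates)
 {
     if (!isset($_POST['max_number_live_traffic'], $_POST['refreshRateOption'])) {
         exit('Invalid request.');
     }
     // NOTE(review): no nonce or capability check is visible in this function;
     // presumably the caller verifies both before invoking it. Confirm.

     $rawMaxEntries = $_POST['max_number_live_traffic'];
     $rawRefreshRate = $_POST['refreshRateOption'];

     // Number of entries to keep: 0 up to five digits. The previous unanchored
     // pattern matched any value containing a digit, so negative and oversized
     // numbers were stored unchanged. Array input is treated as invalid.
     $keepNumEntriesLiveTraffic = is_scalar($rawMaxEntries) ? intval($rawMaxEntries) : -1;
     if ($keepNumEntriesLiveTraffic < 0 || $keepNumEntriesLiveTraffic > 99999) {
         $keepNumEntriesLiveTraffic = 500;
     }

     // Refresh rate: must be one of the caller-supplied values. Both sides are
     // compared as integers, strictly, so loose comparison cannot let a
     // non-numeric string match an allowed value.
     $allowedRates = array_map('intval', (array) $refreshRates);
     $liveTrafficRefreshRateAjax = is_scalar($rawRefreshRate) ? intval($rawRefreshRate) : -1;
     if (!in_array($liveTrafficRefreshRateAjax, $allowedRates, true)) {
         $liveTrafficRefreshRateAjax = 10;
     }

     // update settings
     WpsOption::updateOption('WPS_KEEP_NUM_ENTRIES_LT', $keepNumEntriesLiveTraffic);
     WpsOption::updateOption('WPS_REFRESH_RATE_AJAX_LT', $liveTrafficRefreshRateAjax);

     return array($keepNumEntriesLiveTraffic, $liveTrafficRefreshRateAjax);
 }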
 /**
  * Write the class's current settings (self::$_settings) to the file-scan option.
  *
  * @return void
  */
 public static function saveSettings()
 {
     $optionName = WpsSettings::WP_FILE_SCAN_OPTION_NAME;
     $currentSettings = self::$_settings;
     WpsOption::updateOption($optionName, $currentSettings);
 }
Exemple #4
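 /**
  * Display links to the 5 most recent items of the feed WpsSettings::BLOG_FEED.
  *
  * The rendered markup is cached in the FEED_DATA_OPTION_NAME option and
  * reused for 24 hours. When the cache is missing, malformed or older than
  * that, the feed is fetched again and the cache is rewritten. A feed error
  * is displayed but not cached.
  *
  * @return void
  */
 static function displayDashboardWidget()
 {
     $cacheLifetime = 24 * 60 * 60;

     // Check the cache first.
     $optData = WpsOption::getOption(WpsSettings::FEED_DATA_OPTION_NAME);
     if (is_object($optData) && !empty($optData->expires) && !empty($optData->data)) {
         // `expires` holds the time the cache was written (see the write at the
         // end of this method). The previous check compared that time plus 24h
         // with the write time itself, which is always true, so the cache
         // never expired. Compare with the current time instead.
         $nextUpdateTime = intval($optData->expires) + $cacheLifetime;
         if ($nextUpdateTime >= time()) {
             // NOTE(review): the cached markup is echoed exactly as stored, so
             // the output is only as trustworthy as whatever can write this option.
             echo $optData->data;
             return;
         }
     }

     $rss = fetch_feed(WpsSettings::BLOG_FEED);
     if (is_wp_error($rss)) {
         echo '<li>' . __('An error has occurred while trying to load the rss feed.', WpsSettings::TEXT_DOMAIN) . '</li>';
         return;
     }

     // Limit to 5 entries.
     $maxitems = $rss->get_item_quantity(5);
     $rss_items = $rss->get_items(0, $maxitems);

     $out = '<ul>';
     if ($maxitems == 0) {
         $out .= '<li>' . __('There are no entries for this rss feed.', WpsSettings::TEXT_DOMAIN) . '</li>';
     } else {
         foreach ($rss_items as $item) {
             // Every feed-supplied value is escaped for the context it lands in.
             $url = esc_url($item->get_permalink());
             $postedOn = esc_attr($item->get_date('F j, Y | g:i a'));
             $excerpt = esc_html(substr(sanitize_text_field($item->get_description()), 0, 120));

             $out .= '<li>';
             // rel="noopener noreferrer" keeps the opened page from reaching window.opener.
             $out .= '<h4><a href="' . $url . '" target="_blank" rel="noopener noreferrer" title="Posted on ' . $postedOn . '">';
             $out .= esc_html($item->get_title());
             $out .= '</a></h4>';
             $out .= '<p>';
             $out .= $excerpt . ' <a href="' . $url . '" target="_blank" rel="noopener noreferrer" title="Read all article">[...]</a>';
             $out .= '</p>';
             $out .= '</li>';
         }
     }
     $out .= '</ul>';
     $out .= '<div style="border-top: solid 1px #ccc; margin-top: 4px; padding: 2px 0;">';
     $out .= '<p style="margin: 5px 0 0 0; padding: 0 0; line-height: normal; overflow: hidden;">';
     $out .= '<a href="http://feeds.acunetix.com/acunetixwebapplicationsecurityblog"
                             style="float: left; display: block; width: 50%; text-align: right; margin-left: 30px;
                             padding-right: 22px; background: url(' . self::imageUrl('rss.png') . ') no-repeat right center;"
                             target="_blank" rel="noopener noreferrer">' . __('Follow us on RSS', WpsSettings::TEXT_DOMAIN) . '</a>';
     $out .= '</p>';
     $out .= '</div>';

     // Update cache: record the write time together with the rendered markup.
     $obj = new stdClass();
     $obj->expires = time();
     $obj->data = $out;
     WpsOption::updateOption(WpsSettings::FEED_DATA_OPTION_NAME, $obj);
     echo $out;
 }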
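 /**
  * Create or upgrade the plugin's database tables on activation.
  *
  * For each of the four plugin tables: if it is missing, the database user
  * must hold the CREATE right and the table is created. If the live-traffic
  * table already exists, the user must hold the ALTER right and the columns
  * entryCountry, entryCity and blogId are added when absent. Every failure
  * appends a message to the stored error notices and aborts.
  *
  * @return bool True when all tables are in place, false on the first failure.
  */
 static function activate()
 {
     wssLog(__METHOD__ . '() executed');
     global $wpdb;
     $charset_collate = '';
     if (!empty($wpdb->charset)) {
         $charset_collate = "DEFAULT CHARACTER SET {$wpdb->charset}";
     }
     if (!empty($wpdb->collate)) {
         $charset_collate .= " COLLATE {$wpdb->collate}";
     }
     // MUST HAVE "CREATE" RIGHTS if a table is not found and needs to be created
     $rights = WsdInfoServer::getDatabaseUserAccessRights();
     wssLog('USER RIGHTS', $rights);
     $hasCreateRight = in_array('CREATE', $rights['rightsHaving']);
     // Must have alter right for updating table. This previously tested
     // 'CREATE' again, so a user without ALTER passed the check and only
     // failed later, at the ALTER TABLE statement.
     $hasAlterRight = in_array('ALTER', $rights['rightsHaving']);
     $table1 = self::getTableName(WpsSettings::ALERTS_TABLE_NAME);
     $table2 = self::getTableName(WpsSettings::LIVE_TRAFFIC_TABLE_NAME);
     $table3 = self::getTableName(WpsSettings::SCAN_TABLE_NAME);
     $table4 = self::getTableName(WpsSettings::SCANS_TABLE_NAME);
     if (!WsdUtil::tableExists($table1)) {
         wssLog("table not found: {$table1}");
         if (!$hasCreateRight) {
             wssLog("user has no create right. cannot create table: {$table1}");
             $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>: The database user needs the '<strong>CREATE</strong>' right in order to install this plugin.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         $query1 = "CREATE TABLE IF NOT EXISTS {$table1} (\n                          `alertId` INT UNSIGNED NOT NULL AUTO_INCREMENT ,\n                          `alertType` TINYINT NOT NULL DEFAULT 0 ,\n                          `alertSeverity` INT NOT NULL DEFAULT 0 ,\n                          `alertActionName` VARCHAR (255) NOT NULL,\n                          `alertTitle` VARCHAR(255) NOT NULL ,\n                          `alertDescription` TEXT NOT NULL ,\n                          `alertSolution` TEXT NOT NULL ,\n                          `alertDate` DATETIME NOT NULL default '0000-00-00 00:00:00',\n                          `alertFirstSeen` DATETIME NOT NULL default '0000-00-00 00:00:00',\n                          PRIMARY KEY (`alertId`) ,\n                          UNIQUE INDEX `alertId_UNIQUE` (`alertId` ASC) ) {$charset_collate};";
         $result = @$wpdb->query($query1);
         if ($result === false) {
             //#! MySQL error
             $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$query1}</pre></strong>.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         wssLog("table created: {$table1}");
     }
     // A freshly created live-traffic table already has every column, so the
     // column check below is skipped in that case.
     $alterCheck = true;
     if (!WsdUtil::tableExists($table2)) {
         wssLog("table not found: {$table2}");
         if (!$hasCreateRight) {
             $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>: The database user needs the '<strong>CREATE</strong>' right in order to install this plugin.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         $query2 = "CREATE TABLE IF NOT EXISTS {$table2} (\n                         `entryId` bigint(20) unsigned NOT NULL auto_increment,\n                         `entryTime` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',\n                         `entryIp` text,\n                         `entryReferrer` text,\n                         `entryUA` text,\n                         `entryRequestedUrl` text,\n                         `entryCountry` varchar(125) not null,\n                         `entryCity` varchar(125) not null,\n                         `blogId` INT(10) NOT NULL DEFAULT 1,\n                         PRIMARY KEY (entryId)) {$charset_collate};";
         $result = @$wpdb->query($query2);
         if ($result === false) {
             //#! MySQL error
             $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$query2}</pre></strong>.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         $alterCheck = false;
         wssLog("table created: {$table2}.");
     }
     if ($alterCheck) {
         wssLog("Alter check needed for {$table2}.");
         // Load the stored notices before appending. $notices was never set
         // on this path, so every failure below replaced the stored list
         // with a single entry.
         $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
         if (!$hasAlterRight) {
             wssLog('NO ALTER RIGHT');
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>: The database user needs the '<strong>ALTER</strong>' right in order to install this plugin.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         // Get columns
         $query = "SHOW COLUMNS FROM {$table2}";
         $cols = $wpdb->get_results($query, ARRAY_A);
         $columns = array();
         if (empty($cols)) {
             wssLog("Could not retrieve columns from table: {$table2}");
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$query}</pre></strong>. Please inform the plugin author about this error.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         foreach ($cols as $i => $values) {
             if (isset($values['Field']) && !empty($values['Field'])) {
                 array_push($columns, $values['Field']);
             }
         }
         $entryCountryExists = in_array('entryCountry', $columns);
         $entryCityExists = in_array('entryCity', $columns);
         $blogIdExists = in_array('blogId', $columns);
         //## Check for column: entryCountry
         wssLog("Checking for column: entryCountry");
         if (!$entryCountryExists) {
             // alter table
             $q = "ALTER TABLE {$table2} ADD COLUMN `entryCountry` VARCHAR(125) NOT NULL DEFAULT '' AFTER `entryRequestedUrl`;";
             $result = @$wpdb->query($q);
             if ($result === false) {
                 // mysql_error() no longer exists in PHP 7+ and would be a
                 // fatal error here; wpdb keeps the last error message itself.
                 wssLog('MySql error: ' . $wpdb->last_error);
                 wssLog("Error running query: {$q}");
                 //#! MySQL error
                 $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$q}</pre></strong>.";
                 WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
                 return false;
             }
             wssLog("Column: entryCountry not found in table {$table2}. but was added.");
         } else {
             wssLog("column already exists: entryCountry");
         }
         //## Check for column: entryCity
         wssLog("Checking for column: entryCity");
         if (!$entryCityExists) {
             $q = "ALTER TABLE {$table2} ADD COLUMN `entryCity` VARCHAR(125) NOT NULL DEFAULT '' AFTER `entryCountry`;";
             $result = @$wpdb->query($q);
             if ($result === false) {
                 //#! MySQL error
                 $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$q}</pre></strong>.";
                 WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
                 return false;
             }
             wssLog("Column: entryCity not found in table {$table2}. but was added.");
         } else {
             wssLog("column already exists: entryCity");
         }
         //## Check for column: blogId
         wssLog("Checking for column: blogId");
         if (!$blogIdExists) {
             $q = "ALTER TABLE {$table2} ADD COLUMN `blogId` INT(10) NOT NULL DEFAULT 1 AFTER `entryCity`;";
             $result = @$wpdb->query($q);
             if ($result === false) {
                 //#! MySQL error
                 $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$q}</pre></strong>.";
                 WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
                 return false;
             }
             wssLog("Column: blogId not found in table {$table2}. but was added.");
         } else {
             wssLog("column already exists: blogid");
         }
         wssLog("{$table2} updated successfully");
     }
     if (!WsdUtil::tableExists($table3)) {
         wssLog("table not found: {$table3}");
         if (!$hasCreateRight) {
             $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>: The database user needs the '<strong>CREATE</strong>' right in order to install this plugin.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         $query3 = "CREATE TABLE IF NOT EXISTS {$table3} (\n                        `entryId` BIGINT NOT NULL AUTO_INCREMENT ,\n                        `scanId` INT NOT NULL ,\n                        `filePath` VARCHAR(1000) NOT NULL ,\n                        `dateModified` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00' ,\n                        `fileNotFound` TINYINT NOT NULL DEFAULT 0,\n                        PRIMARY KEY (`entryId`) ,\n                        UNIQUE INDEX `entryId_UNIQUE` (`entryId` ASC) ) {$charset_collate};";
         $result = @$wpdb->query($query3);
         if ($result === false) {
             //#! MySQL error
             $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$query3}</pre></strong>.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         wssLog("table created: {$table3}.");
     }
     if (!WsdUtil::tableExists($table4)) {
         wssLog("table not found: {$table4}");
         if (!$hasCreateRight) {
             $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>: The database user needs the '<strong>CREATE</strong>' right in order to install this plugin.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
         $query4 = "CREATE  TABLE {$table4} (\n                        `scanId` INT NOT NULL AUTO_INCREMENT ,\n                        `scanStartDate` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n                        `scanEndDate` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n                        `scanResult` INT NOT NULL DEFAULT 0,\n                        `failReason` VARCHAR(5000) NOT NULL DEFAULT '',\n                        `scanType` int(11) NOT NULL DEFAULT '0',\n                        PRIMARY KEY (`scanId`) ) {$charset_collate};";
         $result = @$wpdb->query($query4);
         if ($result === false) {
             //#! MySQL error
             $notices = WpsOption::getOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, array());
             $notices[] = '<strong>' . WPS_PLUGIN_NAME . "</strong>. Error running query: <strong><pre>{$query4}</pre></strong>.";
             WpsOption::updateOption(WpsSettings::PLUGIN_ERROR_NOTICE_OPTION, $notices);
             return false;
         }
     }
     WpsOption::addOption(WpsSettings::CAN_RUN_TASKS_OPTION_NAME, 1);
     return true;
 }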
Exemple #6
            $rssWidgetChecked = true;
            WpsOption::updateOption('WSD-RSS-WGT-DISPLAY', 'yes');
        }
        // live traffic
        $liveTrafficEnabled = isset($_POST['chk_lt_display']) ? intval($_POST['chk_lt_display']) : 0;
        if (empty($liveTrafficEnabled)) {
            // hide
            $enableLiveTraffic = false;
            WpsOption::updateOption(WpsSettings::ENABLE_LIVE_TRAFFIC, false);
        } else {
            // show
            $enableLiveTraffic = true;
            WpsOption::updateOption(WpsSettings::ENABLE_LIVE_TRAFFIC, true);
            wssLog("Live traffic tool enabled.");
        }
        WpsOption::updateOption(WpsSettings::PLUGIN_SETTINGS_OPTION_NAME, $settings);
        $settings = WpsOption::getOption(WpsSettings::PLUGIN_SETTINGS_OPTION_NAME);
    } elseif (isset($_POST['deleteRssDataButton'])) {
        WpsOption::deleteOption(WpsSettings::FEED_DATA_OPTION_NAME);
    }
}
?>
<div class="wrap wsdplugin_content">
    <h2><?php 
echo WPS_PLUGIN_NAME . ' - ' . __('Settings', WpsSettings::TEXT_DOMAIN);
?>
</h2>

    <p class="clear"></p>
    <div style="clear: both; display: block;">
        <div class="metabox-holder">
 /**
  * Record one front-end request in the live-traffic table and bump the
  * stored entry counter.
  *
  * Nothing is recorded when the live-traffic tool is disabled, when the
  * request is for an admin screen, or when the requested URL is excluded.
  * The row values are bound through $wpdb->prepare() placeholders, never
  * concatenated into the SQL text. The counter is updated only after a
  * successful insert.
  *
  * @return void
  */
 public static final function registerHit()
 {
     // Skip when the tool is switched off or the request targets the admin area.
     if (!WpsOption::getOption(WpsSettings::ENABLE_LIVE_TRAFFIC) || is_admin()) {
         return;
     }

     global $wpdb;
     $siteId = $wpdb->blogid;

     $requestedUrl = self::getRequestedUrl();
     if (self::isUrlExcluded($requestedUrl)) {
         return;
     }

     // NOTE(review): these values presumably come from the request and are
     // attacker-controllable; they should be escaped again wherever the
     // stored rows are rendered. Confirm against the getters.
     $clientIp = self::getIP();
     $httpReferrer = self::getReferrer();
     $userAgent = self::getUserAgent();
     $geo = self::_getGeoIpInfo($clientIp);
     $geoCountry = $geo['country'];
     $geoCity = $geo['city'];

     $tableName = WsdPlugin::getTableName(WpsSettings::LIVE_TRAFFIC_TABLE_NAME);
     $insertSql = $wpdb->prepare(
         "INSERT INTO " . $tableName . " (entryTime, entryIp, entryReferrer, entryUA, entryRequestedUrl, entryCountry, entryCity, blogId)\n                            VALUES(CURRENT_TIMESTAMP, %s, %s, %s, %s, %s, %s, %d)",
         $clientIp,
         $httpReferrer,
         $userAgent,
         $requestedUrl,
         $geoCountry,
         $geoCity,
         $siteId
     );
     if (@$wpdb->query($insertSql) === false) {
         return;
     }

     // Maintain the running entry count; create the option on first use.
     $storedCount = WpsOption::getOption(WpsSettings::LIVE_TRAFFIC_ENTRIES);
     if (empty($storedCount)) {
         $entryCount = 0;
         WpsOption::addOption(WpsSettings::LIVE_TRAFFIC_ENTRIES, $entryCount);
     } else {
         $entryCount = intval($storedCount);
     }
     WpsOption::updateOption(WpsSettings::LIVE_TRAFFIC_ENTRIES, $entryCount + 1);
 }